diff options
author | Kash Pande <[email protected]> | 2018-02-20 13:13:20 -0500 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2018-02-23 12:57:28 -0800 |
commit | 7280d581973e923c6492b59803246a94347a47b8 (patch) | |
tree | b69fe52d69d526ba08e1d4eb809901988f657290 /contrib/dracut/90zfs/zfs-load-key.sh.in | |
parent | bf95a000c432dc92591432bfd2b7943cbbfb6708 (diff) |
Enable booting from nested encrypted datasets
- enable booting from nested encrypted datasets
- fix plymouth boot splash passphrase entry
- optimize unlock process
Co-authored-by: Kash Pande <[email protected]>
Co-authored-by: Matthew Thode <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #7214
Diffstat (limited to 'contrib/dracut/90zfs/zfs-load-key.sh.in')
-rwxr-xr-x | contrib/dracut/90zfs/zfs-load-key.sh.in | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/contrib/dracut/90zfs/zfs-load-key.sh.in b/contrib/dracut/90zfs/zfs-load-key.sh.in index 9a6241bd7..6c1f423ae 100755 --- a/contrib/dracut/90zfs/zfs-load-key.sh.in +++ b/contrib/dracut/90zfs/zfs-load-key.sh.in @@ -33,21 +33,13 @@ fi # if pool encryption is active and the zfs command understands '-o encryption' if [[ $(zpool list -H -o feature@encryption $(echo "${root}" | awk -F\/ '{print $1}')) == 'active' ]]; then - # check if root dataset has encryption enabled - if $(zfs list -H -o encryption "${root}" | grep -q -v off); then - # figure out where the root dataset has its key, the keylocation should not be none - while true; do - if [[ $(zfs list -H -o keylocation "${root}") == 'none' ]]; then - root=$(echo -n "${root}" | awk 'BEGIN{FS=OFS="/"}{NF--; print}') - [[ "${root}" == '' ]] && exit 1 - else - break - fi - done + # if the root dataset has encryption enabled + ENCRYPTIONROOT=$(zfs get -H -o value encryptionroot ${ZFS_DATASET}) + if ! [ "${ENCRYPTIONROOT}" = "-" ]; then # decrypt them TRY_COUNT=5 while [ $TRY_COUNT != 0 ]; do - zfs load-key "$root" <<< $(systemd-ask-password "Encrypted ZFS password for ${root}: ") + zfs load-key "${ENCRYPTIONROOT}" <<< $(systemd-ask-password "Encrypted ZFS password for ${root}: ") [[ $? == 0 ]] && break ((TRY_COUNT-=1)) done |